1.\" $NetBSD: SHAKE.3,v 1.1 2017/11/30 16:00:48 wiz Exp $ 2.\" 3.\" Copyright (c) 2015 Taylor R. Campbell 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.Dd October 14, 2015 28.Dt SHAKE 3 29.Os 30.Sh NAME 31.Nm SHAKE 32.Nd NIST FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions 33.Sh SYNOPSIS 34.In sha3.h 35.Ft void 36.Fn SHAKE128_Init "SHAKE128_CTX *ctx" 37.Ft void 38.Fn SHAKE128_Update "SHAKE128_CTX *ctx" "const uint8_t *buf" "size_t len" 39.Ft void 40.Fn SHAKE128_Final "uint8_t *output[]" "size_t outlen" "SHAKE128_CTX *ctx" 41.Ft void 42.Fn SHAKE256_Init "SHAKE256_CTX *ctx" 43.Ft void 44.Fn SHAKE256_Update "SHAKE256_CTX *ctx" "const uint8_t *buf" "size_t len" 45.Ft void 46.Fn SHAKE256_Final "uint8_t *output[]" "size_t outlen" "SHAKE256_CTX *ctx" 47.Sh DESCRIPTION 48The 49.Nm 50functions implement the extendable-output functions of the NIST SHA-3 51standard, FIPS PUB 202. 52The 53.Nm 54functions absorb an arbitrary-length message m and yield an 55arbitrary-length output SHAKE128(m) or SHAKE256(m), truncated to a 56specified number of octets. 57.Pp 58Before using the 59.Nm 60functions, applications should first call 61.Xr SHA3_Selftest 3 62and confirm that it succeeded. 63.Pp 64Only the 65.Nm SHAKE128 66functions are specified in detail; the 67.Nm SHAKE256 68functions are analogous. 69.Pp 70The caller must allocate memory for a 71.Vt SHAKE128_CTX 72object to hold the state of a SHAKE128 computation over a message. 73.Vt SHAKE128_CTX 74objects may be copied or relocated in memory. 75.Bl -tag -width abcd 76.It Fn SHAKE128_Init "ctx" 77Initialize a SHAKE128 context. 78Must be done before any other operations on 79.Fa ctx . 80.It Fn SHAKE128_Update "ctx" "data" "len" 81Append 82.Fa len 83octets at 84.Fa data 85to the message. 86.It Fn SHAKE128_Final "output" "outlen" "ctx" 87Store at 88.Fa output 89the first 90.Fa outlen 91octets of the SHAKE128 output for the message obtained by concatenating 92all prior inputs to 93.Fn SHAKE128_Update 94on 95.Fa ctx . 96.Pp 97Subsequent use of 98.Fa ctx 99is not allowed, unless it is reinitialized with 100.Fn SHAKE128_Init . 101.El 102.Sh SEE ALSO 103.Xr keccak 3 , 104.Xr sha3 3 , 105.Xr SHA3_Selftest 3 106.Sh STANDARDS 107.Rs 108.%A National Institute of Standards and Technology 109.%T SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions 110.%O FIPS PUB 202 111.%D August 2015 112.Re 113.Sh AUTHORS 114.An Taylor R Campbell Aq campbell+sha3@mumble.net 115